From 05ee5212124ac301d324e829de3f7ec4d21e5b41 Mon Sep 17 00:00:00 2001
From: RaviAnand Mohabir <moravrav@gmail.com>
Date: Tue, 24 Jan 2023 13:50:25 +0100
Subject: [PATCH 1/8] feat: :sparkles: implement Drone Server Terraform module

---
 main.tf      | 184 +++++++++++++++++++++++++++++++++++++++++++++++++++
 outputs.tf   |  15 +++++
 variables.tf | 147 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 346 insertions(+)
 create mode 100644 main.tf
 create mode 100644 outputs.tf
 create mode 100644 variables.tf

diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..5775f61
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,184 @@
+terraform {
+  required_providers {
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "2.13.1"
+    }
+  }
+}
+
+locals {
+  match_labels = merge({
+    "app.kubernetes.io/instance" = "drone"
+    "app.kubernetes.io/name"     = "drone-server"
+  }, var.match_labels)
+  labels = merge(local.match_labels, {
+    "app.kubernetes.io/version" = var.image_tag
+  }, var.labels)
+}
+
+resource "kubernetes_service_account" "drone_server" {
+  metadata {
+    name      = "drone-server"
+    namespace = var.namespace
+    labels    = local.labels
+  }
+}
+
+resource "kubernetes_deployment" "drone_server" {
+  metadata {
+    name      = "drone-server"
+    namespace = var.namespace
+    labels    = local.labels
+  }
+  spec {
+    replicas = 1
+    selector {
+      match_labels = local.match_labels
+    }
+    template {
+      metadata {
+        labels = local.labels
+        annotations = {
+          "ravianand.me/config-hash" = sha1(jsonencode(merge(
+            kubernetes_config_map.drone_server.data,
+            kubernetes_secret.drone_server.data
+          )))
+        }
+      }
+      spec {
+        service_account_name = kubernetes_service_account.drone_server.metadata.0.name
+        container {
+          image = var.image_registry == "" ? "${var.image_repository}:${var.image_tag}" : "${var.image_registry}/${var.image_repository}:${var.image_tag}"
+          name  = "drone"
+          env_from {
+            config_map_ref {
+              name = kubernetes_config_map.drone_server.metadata.0.name
+            }
+          }
+          env {
+            name = "DRONE_GITEA_CLIENT_SECRET"
+            value_from {
+              secret_key_ref {
+                name     = kubernetes_secret.drone_server.metadata.0.name
+                key      = "gitea-secret"
+                optional = true
+              }
+            }
+          }
+          env {
+            name = "DRONE_RPC_SECRET"
+            value_from {
+              secret_key_ref {
+                name = kubernetes_secret.drone_server.metadata.0.name
+                key  = "rpc-secret"
+              }
+            }
+          }
+          env {
+            name = "DRONE_DATABASE_DATASOURCE"
+            value_from {
+              secret_key_ref {
+                name = kubernetes_secret.drone_server.metadata.0.name
+                key  = "database-url"
+              }
+            }
+          }
+          env {
+            name = "DRONE_DATABASE_SECRET"
+            value_from {
+              secret_key_ref {
+                name = kubernetes_secret.drone_server.metadata.0.name
+                key  = "database-secret"
+              }
+            }
+          }
+          port {
+            name           = "http"
+            container_port = 80
+            protocol       = "TCP"
+          }
+          liveness_probe {
+            http_get {
+              path = "/healthz"
+              port = "http"
+            }
+          }
+          readiness_probe {
+            http_get {
+              path = "/healthz"
+              port = "http"
+            }
+          }
+          resources {}
+        }
+      }
+    }
+  }
+}
+
+resource "kubernetes_service" "drone_server" {
+  metadata {
+    name      = "drone-server"
+    namespace = var.namespace
+    labels    = local.labels
+  }
+  spec {
+    selector = local.match_labels
+    type     = "ClusterIP"
+    port {
+      port        = 80
+      name        = "http"
+      target_port = "http"
+    }
+  }
+}
+
+resource "random_id" "rpc_secret_key" {
+  byte_length = 16
+}
+
+resource "random_id" "database_secret_key" {
+  byte_length = 16
+}
+
+resource "kubernetes_secret" "drone_server" {
+  metadata {
+    name      = "drone-server"
+    namespace = var.namespace
+  }
+  data = {
+    "database-url"    = var.drone_database_datasource
+    "rpc-secret"      = random_id.rpc_secret_key.hex
+    "database-secret" = random_id.database_secret_key.hex
+    "gitea-secret"    = var.drone_gitea_secret
+  }
+}
+
+resource "kubernetes_config_map" "drone_server" {
+  metadata {
+    name      = "drone-server-env"
+    namespace = var.namespace
+  }
+
+  data = {
+    DRONE_SERVER_HOST         = var.drone_host
+    DRONE_SERVER_PROTO        = var.drone_proto
+    DRONE_SERVER_PORT         = ":80"
+    DRONE_USER_CREATE         = "username:${var.drone_admin},admin:true"
+    DRONE_USER_FILTER         = var.drone_user_filter
+    DRONE_REGISTRATION_CLOSED = var.drone_registration_closed
+    DRONE_GITEA_SERVER        = var.drone_gitea_url
+    DRONE_GITEA_CLIENT_ID     = var.drone_gitea_client
+    DRONE_DATABASE_DRIVER     = var.drone_database_driver
+    DRONE_S3_BUCKET           = var.drone_s3_bucket
+    DRONE_S3_ENDPOINT         = var.drone_s3_endpoint
+    DRONE_S3_PATH_STYLE       = var.drone_s3_path_style
+    DRONE_S3_PREFIX           = var.drone_s3_prefix
+    DRONE_STARLARK_ENABLED    = var.drone_starlark_enabled
+    DRONE_WEBHOOK_ENDPOINT    = var.drone_webhook_endpoint
+    DRONE_WEBHOOK_EVENTS      = var.drone_webhook_events
+    DRONE_WEBHOOK_SECRET      = var.drone_webhook_secret
+    DRONE_WEBHOOK_SKIP_VERIFY = var.drone_webhook_skip_verify
+  }
+}
diff --git a/outputs.tf b/outputs.tf
new file mode 100644
index 0000000..cfb559a
--- /dev/null
+++ b/outputs.tf
@@ -0,0 +1,15 @@
+output "service_name" {
+  description = "Service name for Drone server deployment"
+  value       = kubernetes_service.drone_server.metadata.0.name
+}
+
+output "service_http_port" {
+  description = "HTTP port exposed by the service"
+  value       = kubernetes_service.drone_server.spec.0.port.0.port
+}
+
+output "drone_runner_secret" {
+  description = "Drone runner secret"
+  value       = random_id.rpc_secret_key.hex
+  sensitive   = true
+}
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..9fb2de3
--- /dev/null
+++ b/variables.tf
@@ -0,0 +1,147 @@
+variable "namespace" {
+  description = "Namespace to deploy workloads and configuration"
+  type        = string
+  default     = "default"
+}
+
+variable "labels" {
+  description = "Labels to add to the Drone server deployment"
+  type        = map(any)
+  default     = {}
+}
+
+variable "match_labels" {
+  description = "Match labels to add to the Drone server deployment, will be merged with labels"
+  type        = map(any)
+  default     = {}
+}
+
+variable "image_registry" {
+  description = "Image registry, e.g. gcr.io, docker.io"
+  type        = string
+  default     = ""
+}
+
+variable "image_repository" {
+  description = "Image to start for the server"
+  type        = string
+  default     = "drone/drone"
+}
+
+variable "image_tag" {
+  description = "Image tag to for the server"
+  type        = string
+  default     = "2"
+}
+
+variable "drone_admin" {
+  description = "User handle of Drone admin user"
+  type        = string
+}
+
+variable "drone_registration_closed" {
+  description = "Close registration in Drone"
+  type        = bool
+  default     = true
+}
+
+variable "drone_host" {
+  description = "Drone hostname"
+  type        = string
+}
+
+variable "drone_proto" {
+  description = "Drone protocol"
+  type        = string
+  default     = "https"
+}
+
+variable "drone_gitea_url" {
+  description = "Gitea URL"
+  type        = string
+  default     = ""
+}
+
+variable "drone_gitea_client" {
+  description = "Gitea client ID"
+  type        = string
+  default     = ""
+}
+
+variable "drone_gitea_secret" {
+  description = "Gitea client secret"
+  type        = string
+  default     = ""
+}
+
+variable "drone_database_driver" {
+  description = "Drone database driver"
+  type        = string
+  default     = "postgres"
+}
+
+variable "drone_database_datasource" {
+  description = "Database URL"
+  type        = string
+  default     = ""
+}
+
+variable "drone_s3_bucket" {
+  description = "S3 bucket to store Drone blobs"
+  type        = string
+  default     = ""
+}
+
+variable "drone_s3_endpoint" {
+  description = "S3 endpoint for Drone blobs"
+  type        = string
+  default     = ""
+}
+
+variable "drone_s3_path_style" {
+  description = "Use path-style for S3 service"
+  type        = bool
+  default     = false
+}
+
+variable "drone_s3_prefix" {
+  description = "Subdirectory to store log files"
+  type        = string
+  default     = ""
+}
+
+variable "drone_starlark_enabled" {
+  description = "Configure Drone to automatically execute files ending in .star"
+  type        = bool
+  default     = false
+}
+
+variable "drone_user_filter" {
+  description = "Comma-separated list of accounts or organizations that will limit registration of users"
+  type        = string
+  default     = ""
+}
+
+variable "drone_webhook_endpoint" {
+  description = "Comma-separated list of webhook endpoints, to which global system events are delivered"
+  type        = string
+  default     = ""
+}
+
+variable "drone_webhook_events" {
+  description = "Comma-separated list of webhook events"
+  type        = string
+  default     = ""
+}
+
+variable "drone_webhook_secret" {
+  description = "Shared secret used to create an http-signature"
+  type        = string
+  default     = ""
+}
+
+variable "drone_webhook_skip_verify" {
+  description = "Boolean value disables TLS verification when establishing a connection to the remote webhook address"
+  type        = bool
+  default     = false
+}

From 875aa71927f30a0046c51efb183c9a1a4f64aa87 Mon Sep 17 00:00:00 2001
From: RaviAnand Mohabir <moravrav@gmail.com>
Date: Tue, 24 Jan 2023 13:50:40 +0100
Subject: [PATCH 2/8] chore: :see_no_evil: add Terraform.gitignore

---
 .gitignore | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 .gitignore

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..d3e6177
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,37 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+# Custom
+.env

From 021006315397e687873fc6d7801b410ec523761b Mon Sep 17 00:00:00 2001
From: RaviAnand Mohabir <moravrav@gmail.com>
Date: Tue, 24 Jan 2023 13:50:58 +0100
Subject: [PATCH 3/8] ci: :construction_worker: add Drone CI file

---
 .drone.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 .drone.yml

diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..7f79121
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,13 @@
+kind: pipeline
+type: kubernetes
+name: default
+
+steps:
+- name: standard-version
+  image: node:19
+  commands:
+    - git config --global user.email "moravrav@gmail.com"
+    - git config --global user.name "RaviAnand Mohabir"
+    - git config --global url."https://$GIT_USERNAME:$GIT_TOKEN@gitea.ravianand.me/".insteadOf "https://gitea.ravianand.me/"
+    - npm i -g standard-version
+    - standard-version

From 7ed16a5d5315d5acbec66304ed77229edc5be35c Mon Sep 17 00:00:00 2001
From: RaviAnand Mohabir <moravrav@gmail.com>
Date: Tue, 24 Jan 2023 14:16:11 +0100
Subject: [PATCH 4/8] chore(release): 1.1.0

---
 CHANGELOG.md | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 CHANGELOG.md

diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..e4d3238
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,10 @@
+# Changelog
+
+All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+
+## 1.1.0 (2023-01-24)
+
+
+### Features
+
+* :sparkles: implement Drone Server Terraform module ([05ee521](https://gitea.ravianand.me/Dan6erbond/terraform-kubernetes-drone-server/commit/05ee5212124ac301d324e829de3f7ec4d21e5b41))

From 14fae30473a8fbb7d4ee4dd852425b2bab86bb82 Mon Sep 17 00:00:00 2001
From: RaviAnand Mohabir <moravrav@gmail.com>
Date: Tue, 24 Jan 2023 14:17:45 +0100
Subject: [PATCH 5/8] ci: :construction_worker: limit standard-version CI to
 main branch

---
 .drone.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.drone.yml b/.drone.yml
index 7f79121..770f3fe 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -11,3 +11,7 @@ steps:
     - git config --global url."https://$GIT_USERNAME:$GIT_TOKEN@gitea.ravianand.me/".insteadOf "https://gitea.ravianand.me/"
     - npm i -g standard-version
     - standard-version
+
+trigger:
+  branch:
+    - main

From 2f231f24f16d2b0ae6850f3fd7b14a5c3a81e085 Mon Sep 17 00:00:00 2001
From: RaviAnand Mohabir <moravrav@gmail.com>
Date: Tue, 24 Jan 2023 14:18:36 +0100
Subject: [PATCH 6/8] ci: :construction_worker: limit to push event

---
 .drone.yml | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/.drone.yml b/.drone.yml
index 770f3fe..f309d38 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -3,15 +3,17 @@ type: kubernetes
 name: default
 
 steps:
-- name: standard-version
-  image: node:19
-  commands:
-    - git config --global user.email "moravrav@gmail.com"
-    - git config --global user.name "RaviAnand Mohabir"
-    - git config --global url."https://$GIT_USERNAME:$GIT_TOKEN@gitea.ravianand.me/".insteadOf "https://gitea.ravianand.me/"
-    - npm i -g standard-version
-    - standard-version
+  - name: standard-version
+    image: node:19
+    commands:
+      - git config --global user.email "moravrav@gmail.com"
+      - git config --global user.name "RaviAnand Mohabir"
+      - git config --global url."https://$GIT_USERNAME:$GIT_TOKEN@gitea.ravianand.me/".insteadOf "https://gitea.ravianand.me/"
+      - npm i -g standard-version
+      - standard-version
 
 trigger:
   branch:
     - main
+  event:
+    - push

From 1163e5a9b69a01bf5b972bb0fdc8f87cb07e2cf1 Mon Sep 17 00:00:00 2001
From: RaviAnand Mohabir <moravrav@gmail.com>
Date: Tue, 24 Jan 2023 14:19:25 +0100
Subject: [PATCH 7/8] ci: :construction_worker: add git push after
 standard-version

---
 .drone.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.drone.yml b/.drone.yml
index f309d38..9488a6e 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -11,6 +11,7 @@ steps:
       - git config --global url."https://$GIT_USERNAME:$GIT_TOKEN@gitea.ravianand.me/".insteadOf "https://gitea.ravianand.me/"
       - npm i -g standard-version
       - standard-version
+      - git push --follow-tags origin
 
 trigger:
   branch:

From 2229d719e7c72b32741199ffc6302e8457f13c69 Mon Sep 17 00:00:00 2001
From: RaviAnand Mohabir <moravrav@gmail.com>
Date: Tue, 24 Jan 2023 14:19:50 +0100
Subject: [PATCH 8/8] feat: :sparkles: add AWS credentials and region config

---
 main.tf      |  4 ++++
 variables.tf | 24 ++++++++++++++++++++++++
 2 files changed, 28 insertions(+)

diff --git a/main.tf b/main.tf
index 5775f61..22cba6e 100644
--- a/main.tf
+++ b/main.tf
@@ -175,6 +175,10 @@ resource "kubernetes_config_map" "drone_server" {
     DRONE_S3_ENDPOINT         = var.drone_s3_endpoint
     DRONE_S3_PATH_STYLE       = var.drone_s3_path_style
     DRONE_S3_PREFIX           = var.drone_s3_prefix
+    AWS_ACCESS_KEY_ID         = var.drone_s3_access_key
+    AWS_SECRET_ACCESS_KEY     = var.drone_s3_secret_key
+    AWS_DEFAULT_REGION        = var.drone_s3_default_region
+    AWS_REGION                = var.drone_s3_region
     DRONE_STARLARK_ENABLED    = var.drone_starlark_enabled
     DRONE_WEBHOOK_ENDPOINT    = var.drone_webhook_endpoint
     DRONE_WEBHOOK_EVENTS      = var.drone_webhook_events
diff --git a/variables.tf b/variables.tf
index 9fb2de3..1c58de4 100644
--- a/variables.tf
+++ b/variables.tf
@@ -145,3 +145,27 @@ variable "drone_webhook_skip_verify" {
   type        = bool
   default     = false
 }
+
+variable "drone_s3_access_key" {
+  description = "Drone S3"
+  type        = string
+  default     = ""
+}
+
+variable "drone_s3_secret_key" {
+  description = "Drone S3"
+  type        = string
+  default     = ""
+}
+
+variable "drone_s3_default_region" {
+  description = "Drone S3"
+  type        = string
+  default     = "us-east-1"
+}
+
+variable "drone_s3_region" {
+  description = "Drone S3"
+  type        = string
+  default     = "us-east-1"
+}